1. Field of the Invention
This invention relates to computer system security and, more particularly, to an apparatus and method for securing against accessing sensitive information entered into memory by a universal serial bus ("USB") input device.
2. Description of the Related Art
Securing a computer system involves preventing unauthorized access to sensitive data and/or instructions contained within various hardware resources attributed to that system. The terms "instructions" and "data" refer generically to all forms of electronic information, including data entries and files created by instructions as well as the executable instructions themselves.
Typically a computer system will include a plurality of hardware resources. Resources which can contain sensitive information include any and all peripheral devices connected to a peripheral bus as well as the system memory coupled to the processor bus. For example, system memory may include sensitive data or instructions against which access should be selectively prevented. The system memory is often denoted as semiconductor memory and includes a large contiguous address space often configured as DRAM or synchronous DRAM (SDRAM).
One mechanism used to secure a computer system is a technique known as password matching. For example, a password previously stored within non-volatile memory can be entered into volatile memory proximate to a comparator during reset or boot-up of the computer system. The previously stored password can then be compared against a user-entered password to determine if that user is allowed access. Typically, the volatile memory which receives the previously stored password, as well as a comparator locally linked to the volatile memory, are contained in what is often referred to as a "black box". Description of a black box security device is generally set forth in U.S. Pat. No. 5,748,888 (herein incorporated by reference).
The user-entered password can be entered by a hardware resource connected to the computer system via a universal serial bus ("USB"). A USB input device, e.g., USB keyboard is generally configured to receive the user-entered password and store that password within system memory before being transferred to the black box. Unfortunately, that user-entered password may remain within system memory even after it is called upon for verification. This implies that unauthorized users can gain access to the portion of system memory which contains the user-entered password. In so doing, an unauthorized user may gain access to and therefore breach the internal security of the computer system. Measures must be taken to prevent unauthorized access of the system memory, especially in situations where the user-entered password is input to the system memory from a USB input device, such as a USB keyboard.
Many modem computer systems employ a USB for several reasons. Such as, ubiquitous and inexpensive connectivity to existing serial lines, such as telephone, fax, and modem ports. The USB protocol has proved especially useful not only when connecting to existing bi-directional serial lines, but also as an overall expansion port to numerous hardware resources, such as keyboards, mice, etc. As such, USB proliferation is particularly acute is personal computer systems which depend on a rather simple, token scheduled protocol and which utilize a dynamic (or "hot") attachment and removal scheme.
The overall topography of a USB is that there is only one host, or host controller, located upon the USB. The host controller may be implemented in a combination of hardware, firmware, and/or software, and has a single attachment point for connecting to a hub or a function. The hub may be integrated within the host system to provide multiple attachment points therefrom.
A problem encountered by USB protocol, and related to the overall concern of maintaining system memory security, is that when a USB-coupled keyboard forwards password information, that information will be placed within system memory without regard to its security. Thus, the password within system memory can be retrieved by a "hacker" to compromise the security and integrity of not only the computer associated with that system memory, but many other computers networked thereto. Another problem associated with USB protocol is that after the USB host controller polls the USB keyboard for valid data resulting from a key being pressed upon the keyboard, the host controller temporarily places that data in a data buffer located within the host controller. Unauthorized access to that data buffer can occur prior to its transfer to system memory. It would therefore be desirable to introduce a USB host controller which can prevent unauthorized access to data and/or information entered onto the data buffer and/or system memory via the USB keyboard. It would be of further benefit to not modify in any way the existing USB protocol or the hardware associated with the USB host controller and/or USB devices (hubs and functions) connected to the USB host controller via the USB. Specifically, an improvement would be gained by implementing a security methodology which is seamless and transparent to the USB and computer system user.